Open-Source NVIDIA "Nouveau" DRM Changes Begin Queuing Ahead Of Linux 5.1
-
Originally posted by bemerk: Even the nvidia driver has to load signed firmware so why wouldn't we be able to have signed files from it then?
It basically boils down to writing some pretty malware-like software to intercept this firmware loading process.
I quite frankly still think that the lack of any progress in this field is beyond suspicious, I mean if you can't reclock the card anyway, then Nouveau is more a hobby project than something actually useful.
-
Guest
Originally posted by bemerk: Can we have a fundraiser please and pay a developer to sift through the official Linux driver and its installer to find the necessary firmware required for reclocking?
The data has to be there
I wish they would just play along and stop releasing awful proprietary drivers, and then failing to maintain them through the life cycles they've announced. Free drivers that barely work might be better than ones that actually work, as they will keep people from buying Nvidia's hardware because of the situation with drivers.
-
We don't need custom firmware and the signing keys, just a few files. Nvidia gives out some of them, to make the hardware work, but just not enough to allow nouveau to come closer to the binary one. Someone fears that nouveau will steal the show or so. Cracking the key is impossible, but cutting out the necessary files in a script should be possible if someone skilled is looking for it.
-
Originally posted by lucrus: I'm afraid it's harder than you believe. If I got it right, the "signed" firmware has to be "signed". I don't know the details, but I believe you can't just cut it out of a driver file and expect the GPU will load it. I understand that the driver must sign the damn blob once per GPU, maybe using a GPU public key and a NVidia private key or something like that. Not sure anyway, just guessing, but there must be a real reason for that (well deserved) finger...
The firmware is signed by nvidia before being distributed. The check of the signature is done by the card that has the (public) key.
It just makes sure that the uploaded code is the same as the one signed.
Originally posted by starshipeleven: One of the developers said why they don't do that. https://www.phoronix.com/forums/foru...07#post1051307
It basically boils down to writing some pretty malware-like software to intercept this firmware loading process.
I quite frankly still think that the lack of any progress in this field is beyond suspicious, I mean if you can't reclock the card anyway, then Nouveau is more a hobby project than something actually useful.
-
Originally posted by iive: If you don't know, then please, don't make absurd speculations.
Originally posted by starshipeleven: Afaik this was not possible because you can only load signed firmware, extracting it from the blob driver does not yield a properly signed firmware.
Originally posted by iive: The firmware is signed by nvidia before being distributed
-
Originally posted by iive: Actually it is just improving the mmiotracer to intercept DMA commands.
You want to know why? That tool does require debug features to be actually compiled in the kernel, and like most debug tools they are obvious gaping security holes, that aren't usually enabled in production kernels. https://www.mjmwired.net/kernel/Docu.../mmiotrace.txt
For example I would have to recompile my own kernel on OpenSUSE as "CONFIG_MMIOTRACE is not set" and I would also need CONFIG_DEBUG_FS.
Also, its usage does not seem that easy to automate either if I read that readme correctly.
Why this matters? Because you can't just have an experienced dev run this on select GPUs to extract the firmware and then redistribute it, as this would violate NVIDIA's license.
You would have to make a script that can do this on client PCs, and you would have to ask your users to recompile and install a debug-enabled kernel for this trick to work.
Is it possible? yeah. But I guess it is a massive PITA as if it was "just improving the mmiotracer" they would have done it already.
-
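The post above names CONFIG_MMIOTRACE and CONFIG_DEBUG_FS as the kernel options mmiotrace depends on and quotes the "is not set" form of a distribution config. As an added example (not part of the thread), this sketch parses a kernel config file and reports whether those debug options are enabled on a machine; the sample config is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of /boot/config-<version> (not a real distro config).
SAMPLE_CONFIG = """\
CONFIG_DEBUG_FS=y
# CONFIG_MMIOTRACE is not set
CONFIG_FTRACE=y
CONFIG_IOMMU_SUPPORT=y
"""

# The two options the post names as prerequisites for mmiotrace.
TRACE_OPTIONS = ("CONFIG_MMIOTRACE", "CONFIG_DEBUG_FS")

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Map option name -> value; '# CONFIG_X is not set' is recorded as 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def mmiotrace_status(text, wanted=TRACE_OPTIONS):
    """Report each wanted option ('y', 'n' or 'absent') and whether all are 'y'."""
    opts = parse_kconfig(text)
    state = {name: opts.get(name, "absent") for name in wanted}
    state["mmiotrace_usable"] = all(state[name] == "y" for name in wanted)
    return state


if __name__ == "__main__":
    import sys
    # Pass a config path (e.g. /boot/config-<version>) or fall back to the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for key, value in mmiotrace_status(source).items():
        print(f"{key}: {value}")
```

On a production kernel the expected result is `mmiotrace_usable: False`; a `True` on a fleet machine means the debug tracing path the post describes has been built in.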
-
Originally posted by lucrus: So absurd that they actually match what others said:
Then maybe nouveau devs are all stupid, but luckily there's you to show them how to extract the firmware from the official drivers and load it into the GPU, right?
It is absurd for the driver to sign the firmware. It means that the driver also contains the signing key. That key is far more valuable, as once it is found out, it could be used to sign any custom created firmware. This is the reason the private key is kept in a safe place at NVidia and the public key is placed inside the card.
Now, the driver might contain the firmware in obfuscated form, it may need to be decrypted before uploading. However the driver still needs to have the key for decrypting the file. At the end, it just means that extracting the firmware might need a bit more complicated program than a script.
Originally posted by starshipeleven: Actually intercepting DMA commands is just malware-like.
You want to know why? That tool does require debug features to be actually compiled in the kernel, and like most debug tools they are obvious gaping security holes, that aren't usually enabled in production kernels. https://www.mjmwired.net/kernel/Docu.../mmiotrace.txt
For example I would have to recompile my own kernel on OpenSUSE as "CONFIG_MMIOTRACE is not set" and I would also need CONFIG_DEBUG_FS.
Also, its usage does not seem that easy to automate either if I read that readme correctly.
Why this matters? Because you can't just have an experienced dev run this on select GPUs to extract the firmware and then redistribute it, as this would violate NVIDIA's license.
You would have to make a script that can do this on client PCs, and you would have to ask your users to recompile and install a debug-enabled kernel for this trick to work.
Is it possible? yeah. But I guess it is a massive PITA as if it was "just improving the mmiotracer" they would have done it already.
Originally posted by imirkin: This would require a much more sophisticated tracer that no one's bothered to write yet.
In other words, not every debug tool is malware, just because some malware could use debug tools.
Don't spread FUD.
You are correct that the firmware obtained through mmiotracer cannot be distributed, for legal reasons. It's however because its copyright is owned by NVidia, not because it breaks the license. Indeed it is a minor distinction, but it's the loophole that allows firmware extraction by users.
Finding out how to obtain the firmware from the binary drivers might require some RE and this is also legally risky for the developers. They should not be tainted by RE.
-
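The signing model described in the post above (vendor holds the private key, the card holds only the public key and checks that the uploaded bytes match what was signed) can be shown in a few lines. This is an added example, not part of the thread: it uses textbook RSA over a SHA-256 digest with a toy key built from publicly known Mersenne primes, and the thread does not say which algorithm or key sizes the hardware actually uses.

```python
import hashlib

# Toy key from two publicly known Mersenne primes: valid RSA arithmetic,
# no security value. Algorithm and key are assumptions for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public half: all that the "card" holds
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: stays with the vendor


def digest(blob: bytes) -> int:
    """SHA-256 of the firmware image as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def vendor_sign(blob: bytes) -> int:
    """Done once, before distribution, by whoever holds D."""
    return pow(digest(blob), D, N)


def card_accepts(blob: bytes, signature: int) -> bool:
    """Done on the device with the public values only."""
    return pow(signature, E, N) == digest(blob)


def demo():
    firmware = b"constructed firmware image v1"   # constructed sample bytes
    sig = vendor_sign(firmware)
    extracted = bytes(firmware)                   # byte-identical copy of the blob
    patched = firmware.replace(b"v1", b"v2")      # any modification at all
    return {
        "original": card_accepts(firmware, sig),
        "extracted_copy": card_accepts(extracted, sig),
        "patched_with_old_signature": card_accepts(patched, sig),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

A byte-identical copy verifies wherever it came from, while a changed image is rejected because producing a new signature requires `D`, which never ships in the driver or on the card.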
-
MMIOTrace can't be "changed" to intercept DMA. It works by removing PTEs on the relevant mmio areas, and installing a page fault handler which emulates the underlying instruction and figures out what address it would have read/written with what value.
In order to "intercept" the DMA, one would either have to do the same with an IOMMU, where I think faults aren't so easy to handle, and it's unlikely to be possible to restart the source transactions. A more probable approach is to make something that analyzes the trace data in real-time, and when it's detected that certain commands are being sent to the hardware, to also access the system memory which those commands are telling the GPU to retrieve data from.
Also, to clarify, the signed firmware is just a blob of data. Once it's identified, it's usually easy to make a tool that extracts it. I've even made a scanner that looks for firmware-type blobs in the code. https://github.com/envytools/firmware . I did this for the video decoding accel firmware, for example, as well as various gr firmware (fecs, gpccs).
Of course, once we have the firmware and can load it correctly (which is no easy feat), that's still only like 10% of the battle. Now we have to interact with this firmware properly in order to perform reclocking. It's not like one command, it's going to be a very complex procedure, heavily involving VBIOS table data, etc.
All in all, stick to Kepler. Or get AMD.